#!/bin/bash
# Pin the command search path to the standard system directories (plus ~/bin)
# so the installer does not depend on whatever PATH the caller had.
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin

# Print the installer banner. The here-document delimiter is quoted, so the
# text is emitted literally with no expansion.
cat <<'BANNER'

#============================================
#   SYSTEM REQUIRED:  Ubuntu / Centos
#   DESCRIPTION:  Install Squid(with TLS)
#   VERSION:   1.2
#   AUTHOR:    reruin <reruin@gmail.com>
#============================================


BANNER

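#init
# Collect the installation settings interactively. An empty answer selects the
# default shown in parentheses in each prompt. `read -r` keeps backslashes in
# the answers intact.

read -r -p "Please input Squid visible_hostname(squid):" hostname
hostname=${hostname:-squid}

read -r -p "Please input Squid https port(4433):" port
port=${port:-4433}

read -r -p "Please input Mysql Host(localhost):" mysqlhost
mysqlhost=${mysqlhost:-localhost}

read -r -p "Please input Mysql Port(3306):" mysqlport
mysqlport=${mysqlport:-3306}

# Both ports are written verbatim into squid.conf later on, so reject anything
# that is not a plain TCP port number before any file is touched.
for port_value in "$port" "$mysqlport"; do
    case "$port_value" in
        ''|*[!0-9]*|??????*)
            echo "[Error] '$port_value' is not a valid port (1-65535)." >&2
            exit 1
            ;;
    esac
    if [ "$port_value" -lt 1 ] || [ "$port_value" -gt 65535 ]; then
        echo "[Error] '$port_value' is not a valid port (1-65535)." >&2
        exit 1
    fi
done

read -r -p "Please input Mysql Database(squid):" mysqldb
mysqldb=${mysqldb:-squid}

# NOTE(review): the defaults below are the MySQL root account with a
# well-known password. They are kept for compatibility with the prompts, but a
# dedicated, least-privileged database account should be supplied instead.
read -r -p "Please input Mysql User(root):" mysqluser
mysqluser=${mysqluser:-root}

# -s keeps the password off the screen (and out of terminal scrollback);
# the echo afterwards supplies the newline that -s suppresses.
read -r -s -p "Please input Mysql Password(12345678):" mysqlpwd
echo ""
mysqlpwd=${mysqlpwd:-12345678}

clear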
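# Wait for one keypress on the controlling terminal and write that byte to
# stdout. Echo is turned off and cbreak mode turned on for the duration of the
# read; afterwards the settings captured by `stty -g` are put back.
# Outputs: the single byte read from /dev/tty.
# NOTE(review): nothing restores the terminal if the script is interrupted
# while dd is waiting (the caller invites Ctrl+c at exactly this point), so the
# user's shell can be left with echo off; `stty sane` recovers it.
get_char()
{
    local saved_stty
    saved_stty=$(stty -g)
    stty -echo
    stty cbreak
    dd if=/dev/tty bs=1 count=1 2> /dev/null
    stty -raw
    stty echo
    # Quoted and guarded: with an empty value a bare `stty` would print the
    # current settings to stdout, which the caller captures as the "key".
    if [ -n "$saved_stty" ]; then
        stty "$saved_stty"
    fi
}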
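# Show the chosen settings for confirmation, then block until a key is pressed.
# The database password is deliberately not printed: the summary stays on
# screen (and in any terminal log or screen recording) until the user continues.
echo ""
echo "Visible_hostname  : $hostname"
echo "Https Port        : $port"
echo "Mysql Host        : $mysqlhost"
echo "Mysql Port        : $mysqlport"
echo "Mysql Database    : $mysqldb"
echo "Mysql User        : $mysqluser"
echo "Mysql Password    : (hidden)"
if [ "$mysqlpwd" = "12345678" ]; then
    echo "[Warning] The default Mysql password is in use; choose a real one before this proxy goes live." >&2
fi
echo ""
echo "Press any key to start...or Press Ctrl+c to cancel"
char=$(get_char)
clear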


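echo -e "\n|   Squid is installing ... "

# Every later step writes to system locations (/root, /usr/local, /lib/systemd,
# /etc), so stop here with a clear message when not running as root.
if [ "$(id -u)" -ne 0 ]; then
    echo "[Error] This installer must be run as root." >&2
    exit 1
fi

#install some necessary tools
#Squid-3.5 is not compatible with OpenSSL v1.1+. As of Debian Squeeze, or Ubuntu Zesty the libssl1.0-dev package must be used instead. This is resolved in the Squid-4 packages when they become available.
# This script builds Squid 4 against GnuTLS (see the configure step), so the
# GnuTLS development headers are what the build actually needs.
# The first command starts a fresh error log; later ones append so that no
# diagnostics are lost.
if command -v apt-get >/dev/null 2>&1
then
    apt-get -y update >/dev/null 2>/root/squid_install_error.log
    apt-get -y install wget gcc g++ make libgnutls28-dev libdbd-mysql-perl >/dev/null 2>>/root/squid_install_error.log
    pkg_status=$?
elif command -v yum >/dev/null 2>&1
then
    # wget and gnutls-devel are added so this branch matches the apt-get one:
    # the download step uses wget and configure is run with --with-gnutls.
    yum -y install wget gcc gcc-c++ make openssl-devel gnutls-devel perl-DBD-MySQL >/dev/null 2>/root/squid_install_error.log
    pkg_status=$?
else
    echo "[Error] Neither apt-get nor yum was found; cannot install build dependencies." >&2
    exit 1
fi

# Previously a failed package install was ignored and only surfaced later as a
# confusing configure or compile error.
if [ "$pkg_status" -ne 0 ]; then
    echo "[Error] installing build dependencies failed, see /root/squid_install_error.log" >&2
    exit 1
fi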



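#download squid
# The tarball is compiled and installed as root, so it is fetched over HTTPS
# rather than plain HTTP, and every step is checked before the next one runs.
# NOTE(review): the release is pinned to 4.8; check the Squid project's
# security advisories for a current release before deploying.
cd ~ || exit 1
echo -e "\n|   Download Squid Package ... "
if ! wget -nv -O squid_latest.tar.gz https://www.squid-cache.org/Versions/v4/squid-4.8.tar.gz >/dev/null 2>>/root/squid_install_error.log; then
    echo "[Error] download failed, see /root/squid_install_error.log" >&2
    exit 1
fi

# Optional integrity pin: export SQUID_TARBALL_SHA256 with a digest obtained
# from a trusted source and the download is verified before it is unpacked.
# TLS only protects the transfer, not the content held on the server.
if [ -n "${SQUID_TARBALL_SHA256:-}" ]; then
    if ! printf '%s  %s\n' "$SQUID_TARBALL_SHA256" squid_latest.tar.gz | sha256sum -c - >/dev/null 2>&1; then
        echo "[Error] squid_latest.tar.gz does not match SQUID_TARBALL_SHA256." >&2
        exit 1
    fi
else
    echo "[Warning] SQUID_TARBALL_SHA256 is not set; the download was not checksum-verified." >&2
fi

if ! tar -xzf squid_latest.tar.gz 2>>/root/squid_install_error.log; then
    echo "[Error] extracting squid_latest.tar.gz failed." >&2
    exit 1
fi
# Without this check a failed cd would run ./configure in the wrong directory.
cd squid-4.8 || exit 1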

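#install
# Configure, compile and install Squid from the current directory. Each step's
# stderr is appended to the error log (a plain `2>` would wipe the previous
# step's diagnostics) and a failing step stops the installer.
echo -e "\n|   Configure ... "

# NOTE(review): --enable-basic-auth-helpers looks like the spelling used by
# older Squid releases; confirm against `./configure --help` for 4.8 that the
# DB helper is actually selected by this option.
if ! ./configure --with-gnutls --enable-auth --enable-basic-auth-helpers=DB --with-default-user=squid >/dev/null 2>>/root/squid_install_error.log; then
    echo -e "[Error] configure failed." >&2
    exit 1
fi

echo -e "\n|   Compile ... "
if ! make >/dev/null 2>>/root/squid_install_error.log; then
    echo -e "[Error] make failed, see /root/squid_install_error.log" >&2
    exit 1
fi
if ! make install >/dev/null 2>>/root/squid_install_error.log; then
    echo -e "[Error] make install failed, see /root/squid_install_error.log" >&2
    exit 1
fi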

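# Squid was configured with --with-default-user=squid, so make sure that
# account exists. `id` looks up the exact name; grepping /etc/passwd for
# "squid" also matched unrelated accounts whose name merely contains it.
# The account is created as a system user without a login shell because it
# only needs to own the proxy's files and processes.
if ! id -u squid >/dev/null 2>&1; then
    useradd -r -s /bin/false squid
fi

# Give the log directory to the squid user instead of opening it to everyone:
# mode 777 let any local account create, replace or delete the proxy's logs.
chown squid /usr/local/squid/var/logs
chmod 750 /usr/local/squid/var/logs

# Keep the stock configuration as a backup before a new one is generated.
if [ -f /usr/local/squid/etc/squid.conf ]; then
    mv /usr/local/squid/etc/squid.conf /usr/local/squid/etc/squid.conf.bak
fi
# Directory the generated https_port line expects ssl.crt and ssl.key in.
mkdir -p /usr/local/squid/cert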

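#save conf
# Generate squid.conf from the answers collected earlier. The here-document is
# intentionally unquoted so $hostname, $port and the $mysql* values expand.
# The file is written with '>' so a re-run replaces it and never appends a
# second copy of every directive.
#
# Points for whoever deploys this configuration:
#  - "http_access allow localnet" comes before the proxy_auth rule, so clients
#    in the listed private ranges are served without authenticating.
#  - The database password is passed to basic_db_auth on its command line, so
#    it is stored in this file and appears in the helper's argument list.
#  - NOTE(review): --plaintext presumably means the password column holds
#    clear-text passwords; confirm against the basic_db_auth documentation and
#    prefer a hashed scheme if the helper supports one.
cat >/usr/local/squid/etc/squid.conf<<EOF
visible_hostname $hostname

acl localnet src 10.0.0.0/8	# RFC1918 possible internal network
acl localnet src 172.16.0.0/12	# RFC1918 possible internal network
acl localnet src 192.168.0.0/16	# RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-49999	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access allow localhost manager
http_access deny manager

http_access allow localnet
http_access allow localhost
dns_v4_first on

auth_param basic program /usr/local/squid/libexec/basic_db_auth --dsn "dbi:mysql:host=$mysqlhost;port=$mysqlport;database=$mysqldb" --user $mysqluser --password $mysqlpwd --plaintext --persist
auth_param basic children 5
auth_param basic credentialsttl 2 hours
auth_param basic realm require auth
acl auth_user proxy_auth REQUIRED
http_access allow auth_user

http_access deny all


https_port $port tls-cert=/usr/local/squid/cert/ssl.crt tls-key=/usr/local/squid/cert/ssl.key

coredump_dir /usr/local/squid/var/cache/squid

refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern .		0	20%	4320
EOF

# The file now holds the database password, so take it away from "other".
# Group read is kept for the squid group; if that group does not exist the
# previous world-readable mode is kept so Squid can still read its config.
if chgrp squid /usr/local/squid/etc/squid.conf 2>/dev/null; then
    chmod 640 /usr/local/squid/etc/squid.conf
else
    chmod 644 /usr/local/squid/etc/squid.conf
    echo "[Warning] /usr/local/squid/etc/squid.conf contains the Mysql password and is world-readable." >&2
fi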

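#save system service
# Write the systemd unit for Squid. The here-document delimiter is quoted so
# the shell leaves $MAINPID alone: unquoted, it expanded to an empty string and
# the installed unit ran "/bin/kill -HUP" with no PID for stop and reload.
# '>' replaces the file, so a re-run does not append a second copy of the unit.
cat >/lib/systemd/system/squid.service<<'EOF'
[Unit]
Description=Squid daemon
After=network.target network-online.target nss-lookup.target

[Service]
Type=forking
PIDFile=/usr/local/squid/var/run/squid.pid
ExecStart=/usr/local/squid/sbin/squid -sYC
ExecStop=/bin/kill -HUP $MAINPID
ExecReload=/bin/kill -HUP $MAINPID
KillMode=mixed
Restart=on-failure
RestartSec=30s

[Install]
WantedBy=multi-user.target
EOF

# -f lets the installer be re-run without failing on the existing link.
ln -sf /lib/systemd/system/squid.service /etc/systemd/system/squid.service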

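#auto startup
# Add the start command to /etc/rc.local only if it is not already there, so
# re-running the installer does not start Squid several times at boot.
# NOTE(review): if /etc/rc.local ends with "exit 0", a line appended after it
# never runs; check the file on the target system.
if ! grep -qxF '/usr/local/squid/sbin/squid -s' /etc/rc.local 2>/dev/null; then
cat >>/etc/rc.local<<EOF
/usr/local/squid/sbin/squid -s
EOF
fi

clear
#end
echo "
  Success !
"

# squid.conf points https_port at these two files but the installer does not
# create them; say so instead of leaving the first start to fail unexplained.
if [ ! -f /usr/local/squid/cert/ssl.crt ] || [ ! -f /usr/local/squid/cert/ssl.key ]; then
    echo "  Note: place the TLS certificate and key at"
    echo "    /usr/local/squid/cert/ssl.crt"
    echo "    /usr/local/squid/cert/ssl.key"
    echo "  before starting Squid, and keep the key unreadable by other users."
fi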
